CNNVD-202510-3964 Information
CNNVD ID
CNNVD-202510-3964
Related CVE
-
CNNVD Published: 2025-10-29
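Description (translated from Chinese)
FluxCP is an open-source, web-based control panel from rAthena, used for rAthena servers written in PHP. FluxCP contains a security vulnerability: state-changing POST endpoints accept browser-initiated requests authorized only by the session cookie, which may lead to cross-site request forgery attacks.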
Description (English)
FluxCP is an open-source, web-based control panel for rAthena servers, written in PHP. FluxCP has a security vulnerability: its state-changing POST endpoints accept browser-initiated requests that are authorized only by the session cookie, which may result in cross-site request forgery (CSRF) attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
rAthena
Published
2025-10-29
Last Modified
2026-02-24
References
https://github.com/rathena/FluxCP/security/advisories/GHSA-5w2g-8cqq-r4fr
https://github.com/rathena/FluxCP/commit/e3f130c4a2ccd615a3ee2ee0302ecbfbd84747e6
https://access.redhat.com/security/cve/cve-2025-62797
Patch
https://github.com/rathena/FluxCP/commit/e3f130c4a2ccd615a3ee2ee0302ecbfbd84747e6